Cryptocurrency

Due to the insolvency of FTX, as well as certain reported defrauding activities in Taiwan, the Financial Supervisory Commission (FSC) introduced a set of guidelines for virtual asset service providers (VASPs) under the Money Laundering Control Act (the “Taiwan AML Act”) in September 2023. Further, in 2024, Taiwan’s AML Act was amended, and under the revised Act, VASPs operating without registration with the FSC for AML purposes could face criminal liability. Moreover, based on related news coverage, the FSC is contemplating the possibility of introducing a crypto-specific law, with a potential draft scheduled for announcement around June 2025. Please see 2.14 Impact of AML and Sanctions Rules and 6.3 Impact of the Emergence of Cryptocurrency Exchanges for further information.

AI

In the financial industry, the FSC rolled out the “Core Principles and Related Promotion Policies for the Use of Artificial Intelligence (AI) by the Financial Industry” in October 2023. Then, in June 2024, the FSC introduced the “Guidelines for the Use of Artificial Intelligence (AI) in the Financial Industry”. These guidelines, serving as administrative guidance, aim to help financial institutions implement, manage and oversee AI technologies effectively. The guidelines cover key areas such as: (1) establishing governance and accountability structures, (2) ensuring fairness and prioritising human-centred values, (3) safeguarding privacy and customer rights, (4) ensuring system security and robustness, (5) promoting transparency and explainability, and (6) fostering sustainable development.

In July 2024, the National Science and Technology Council (NSTC) released a draft version of the “Basic Act for Artificial Intelligence” (the “Draft AI Act”). The Draft AI Act does not set specific regulatory requirements for AI, but outlines the responsibility of the Ministry of Digital Affairs (MODA) to create an AI risk classification framework aligned with international standards.

Under such framework, relevant regulatory bodies, such as the FSC for the financial sector, may introduce industry-specific risk classification regulations.

It is important to closely follow the development of this AI legislation as it advances through the legislative process.

Commonly observed fintech applications in Taiwan include peer-to-peer lending, electronic payment solutions, robo-advisers and cryptocurrencies.

Please see below a brief introduction to the regulatory regimes applicable to certain commonly seen fintech applications:

Peer-to-Peer Lending

As of the time of writing, there are no specific laws or regulations governing peer-to-peer lending in Taiwan. However, the Bankers Association has introduced the “Self-Disciplinary Rules of Business Co-operation Between Member Banks of the Bankers Association and Peer-to-Peer Lending Operators”. These rules, filed with the FSC, outline areas in which banks can collaborate with peer-to-peer lending operators, such as fund custodian services, cash flow services, credit review and rating services, extending facilities to customers (peer-to-bank model), advertising and marketing activities, and credit document custody services.

Additionally, the FSC expressed its stance in related press releases that platform operators involved in matching peer-to-peer lending should not be regulated by the FSC at this time. Nevertheless, the FSC issued guidelines for peer-to-peer lending platform operators in October 2023 (the “P2P Guidelines”). Key aspects of those P2P Guidelines include the prohibition of regulated activities (eg, deposit taking, issuing of securities), implementation of a risk control mechanism (covering aspects such as real-name basis for lenders and borrowers, fund flow control, criteria for reviewing loan applications, and loan amount limits) and the inclusion of consumer protection measures.

Reports indicate that the Ministry of the Interior grant the approval for the creation of a P2P lending association in January 2025. According to the association’s preparatory office, members of the association will be required to follow the guidelines established by the FSC, with the core business activities encompassing P2P online lending and claims transfer.

Electronic Payment (or E-Payment)

In 2015, Taiwan introduced the Electronic Payment Institutions Act (the “E-Payment Act”) to regulate the online payment sector. Subsequently, in December 2020, the Legislative Yuan, Taiwan’s congress, implemented an amendment to the E-Payment Act, which officially came into effect on 1 July 2021. The modified E-Payment Act outlines the business scope for e-payment institutions, covering both “core businesses” and ancillary and derivative businesses.

The core businesses of an e-payment institution include (i) collecting and making payments for real transactions as an agent, (ii) accepting deposits of funds as stored-value funds, (iii) small-amount domestic and cross-border remittance services and (iv) foreign exchange services relating to the core businesses. The ancillary and derivative businesses of an e-payment institution include (a) assisting the contracted merchants with integration and transmission of acquiring and payment information, (b) sharing terminal equipment at the contracted merchants, (c) assisting the information exchange between the users and the contracted merchants, (d) providing an electronic Uniform Invoice system and its value-added services, (e) taking custody of the paid price of vouchers/tickets of goods/services, and assisting in the issuance, sales, validation and related services for vouchers/tickets, (f) providing services for integration of bonus points and offsetting/settling payments for real transactions with bonus points, (g) providing value-storing blocks in electronic stored-value cards or application programs for use by others, and (h) providing any planning, instalment, maintenance or consultancy services for the information system and facilities in relation to the above seven ancillary and derivative businesses of e-payment institutions.

The amended E-Payment Act also permits qualified non-e-payment institutions to apply to become a cross-border small-amount remittance service provider exclusively for foreign workers in Taiwan.

In Taiwan, for core business (i) above (collecting and making payments for real transactions as an agent), the FSC’s prior approval or licence is not required if the total amount of funds held by the institution as an agent does not exceed the limit set by the FSC. Such entities are classified as “third-party payment service providers” under Taiwan’s current regulatory regime. However, with the recent amendment to the Taiwan AML Act, these providers must now register with the FSC for AML purposes. Failure to complete this registration could result in criminal liability.

Robo-Advisers

In June 2017, the Securities Investment Trust and Consulting Association of Taiwan, the self-disciplinary body for the asset management industry, introduced the Operating Rules for Securities Investment Consulting Enterprises Using Automated Tools to Provide Consulting Service (the “Robo-Adviser Rules”), as approved by the FSC. According to these rules, securities investment consulting enterprises (SICEs) are permitted to offer online securities investment consulting services through automated tools utilising algorithms (“Robo-Adviser Services”). SICEs are obligated to adhere to specific regulations, including the following: (i) conducting periodic reviews of the algorithm; (ii) completing relevant know-your-customer procedures before providing advice; (iii) establishing a special committee to supervise the adequacy of the Robo-Adviser Services; and (iv) informing customers of precautions before utilising Robo-Adviser Services.

For the purpose of “rebalancing transactions” by robo-advisers, the FSC relaxed certain restrictions in 2021. This enables the execution of rebalancing transactions based on pre-agreed investment portfolios between the robo-adviser and its clients, involving securities investment trust funds or offshore funds (approved by or registered with the FSC), subject to the following conditions: (a) following the pre-agreed funds list with the client (up to 30 funds); and (b) aggregation of the absolute value of the change in the investment proportion for each portfolio, not exceeding 60%.

In March 2024, the FSC revised laws and regulations to promote automation and improve efficiency for securities firms, removing the previous ban on using computer systems to execute Robo-Adviser rebalancing transactions for clients.

Cryptocurrency

Cryptocurrency with the nature of securities (ie, security tokens) is subject to the rules and regulations governing security token offerings (STOs), while cryptocurrency without the nature of securities is subject to anti-money laundering related regulations. Please see 2.14 Impact of AML and Sanctions Rules, 6.1 Permissible Trading Platforms, 10.3 Classification of Blockchain Assets and 10.4 Regulation of “Issuers” of Blockchain Assets.

Please see below our understanding of the basic compensation models that may be adopted by certain fintech industry players:

Peer-to-peer lending: Charges by platform operator for matching the lenders and borrowers.

E-payment: Charges from contracted merchants for carrying out the transactions.

Robo-adviser: The SICEs charge consulting fees for rendering online securities investment consulting services through automated tools utilising algorithms.

Cryptocurrency: Depending on the business models adopted, exchanges/platform operators would require the handling fees or other charges for transactions/orders matched, or earn bid-ask spread.

There is no single set of regulations governing fintech industry participants. Whether and which specific financial laws and regulations will apply would depend on the business models, the products/services and even the operations of the industry players.

Taiwan has implemented a regulatory sandbox framework. The Fintech Development and Innovation and Experiment Act (the “Sandbox Act”) was enacted on 31 January 2018 and came into effect on 30 April 2018.

This regulatory sandbox serves as a testing ground for new fintech applications. Under the Sandbox Act, applicants, whether entities or individuals, must obtain approval from the FSC before entering the sandbox for experimentation. Throughout the experimental period, certain legal requirements, such as FSC licensing and specific liability exemptions, may be waived. Upon completion of the approved experiments, the FSC reviews the results. If the results are favourable, the FSC might contemplate revising current financial laws and regulations that impede the adoption of innovative financial practices in practical scenarios. Nevertheless, contingent upon the outcome of the FSC’s evaluation, the entity or individual from the sandbox could still be obligated to seek pertinent licences or approvals for the formal undertaking of activities previously implemented in the sandbox.

In Taiwan, the FSC is the government entity responsible for overseeing and regulating all financial products and services. Within the FSC, there are four bureaus: the Banking Bureau (BB), the Securities and Futures Bureau (SFB), the Insurance Bureau (IB) and the Financial Examination Bureau (EB). The BB, SFB and IB each have their own area of authority, that is, banking, securities or insurance, while the EB handles financial inspection and audits for all types of institutions regulated by the FSC. At present, there is no designated bureau responsible for overseeing fintech products and services. Consequently, the determination as to which bureau should regulate the respective fintech offerings is contingent upon the nature and characteristics of the products and services.

Also, the Central Bank of the Republic of China (Taiwan) (the “Central Bank”) will have the authority if foreign exchange will be involved.

In practice, when industry participants face uncertainty regarding laws or regulations, they may seek clarification from regulators. However, the responses provided by the regulators are not considered “no-action” letters.

The regulations governing outsourcing by financial services companies depend on the type of the company. For instance, banks must comply with the Regulations Governing Internal Operating Systems and Procedures for the Outsourcing of Financial Institution Operation, which only allow outsourcing of activities specified in those regulations. Some activities may require prior approval from the FSC. Other types of financial services companies (eg, securities firms, insurance companies, etc) have their own sets of outsourcing regulations.

Generally speaking, financial services companies conducting outsourcing should supervise the service providers (ie, outsourced entities), and there are provisions that are required to be specified in the outsourcing agreement. In the case of banks, for example, a bank’s outsourcing agreement shall specify the following contents:

• The scope of outsourcing and the responsibilities of service provider.
• A provision requiring the service provider to comply with certain laws and regulations.
• Consumer protection, including the confidentiality of customer data and adoption of security measures.
• A requirement for the service provider to carry out consumer protection, risk management, and internal control and internal audit in accordance with its standard operating procedures established under the supervision of the bank.
• Consumer dispute resolution mechanisms, including the timetable and procedure for handling disputes, and remedial measures.
• Management of a service provider’s employees, including employee recruitment, promotion, performance reviews and discipline.
• Material events that lead to the termination of an outsourcing agreement with the service provider, including a provision on termination or revocation of the agreement if so instructed by the competent authority.
• An agreement by the service provider to allow the competent authority and the Central Bank to access relevant data or reports and conduct financial examinations with respect to the outsourced items, or to provide relevant data or reports within a prescribed time period pursuant to an order of the competent authority or the Central Bank.
• An agreement by the service provider not to use the name of the outsourcing bank in the course of handling the outsourced items, nor to use untruthful advertising or charge the customers any fees when marketing loan services.
• A requirement for the service provider to inform the bank if the outsourced operation involves any material irregularities or deficiencies.

In Taiwan, the term “gatekeeper” lacks an official definition, but within the area of capital markets/IPOs, securities underwriters are commonly regarded as fulfilling the gatekeeper role. The regulation of securities underwriters falls under the Securities and Exchange Act, and there is currently no legislation specifically addressing securities underwriters in the context of fintech.

It is important to highlight, as mentioned in 6.1 Permissible Trading Platforms and 6.7 Rules of Payment for Order Flow, that as to security tokens/security token offerings (STOs), the platform operator is required to obtain a securities dealer licence rather than a securities underwriter licence. According to the STO regulations, after receipt of the application for issuance of an STO, a platform operator (ie, securities dealer) will need to conduct a due diligence investigation and confirm that the issuer meets certain conditions, which include, among others, the following: (a) the issuer has established an internal control system and implements it effectively; (b) the accounting treatment complies with the Business Entity Accounting Act; (c) the fundraising items and the business items operated by the issuer comply with the law; (d) the fundraising plan and its effects/benefits are necessary, reasonable and feasible; and (e) any programmed auto-execution that is done with respect to the security tokens offered is consistent with the description in the prospectus.

Enforcement actions often occur during criminal investigation procedures. News reports indicate that certain peer-to-peer lending platforms and cryptocurrency operators have been involved in illegal deposit-taking. Additionally, offences such as fraud and money laundering may be associated with e-payment and crypto-related activities.

In Taiwan, the Personal Data Protection Act (PDPA) governs the collection, use and processing of personal data. According to the PDPA, unless specified otherwise by law, a business entity must notify and obtain consent from an individual before collecting, processing or using his or her personal data, subject to certain exemptions. Therefore, if a fintech company will collect, process or use personal data, it must comply with the obligations specified in the PDPA.

Different financial service entities or their products and services may be subject to various cybersecurity regulations or standards. For example, if a fintech business operates in the e-payment sector, it must meet the relevant licensing requirements and adhere to security control rules specific to this type of business.

Also, according to the Cyber Security Management Act (CSMA), financial services firms classified as “critical infrastructure providers” (CIPs) by the Taiwanese government have certain obligations to fulfil. These include maintaining specific security levels, establishing internal information security rules, and reporting cybersecurity incidents to the government. While it is less likely for a fintech business to be designated as a CIP, the CSMA still applies if the financial service entities conducting these activities are regulated by the FSC and designated as CIPs by the Taiwanese government.

The requirements regarding the involvement of accounting/auditing firms or other vendors would depend on the individual fintech applications. For example, e-payment operators are required to place funds from their users in a bank’s trust account in full or obtain a full performance guarantee from a bank for the stored-value funds, and an accountant must be appointed to conduct quarterly audits of the state of compliance. As regards cryptocurrency, any VASP would be required to register with the FSC for AML purposes before such VASP may officially carry out its virtual asset-related business in Taiwan, and an accountant’s report on the VASP’s internal control should be attached to the filing for the registration.

In Taiwan, various self-regulatory organisations (SROs) exist for different sectors, and the relevant SRO for a fintech company depends on the specific activities it engages in. For instance: (1) e-payment institutions fall under the Bankers Association of the Republic of China, and FSC-licensed e-payment firms must adhere to its self-regulations; (2) for VASPs, the appropriate SRO is the VASP Association.

In general, financial services companies are prohibited from providing unregulated (non-financial) products or services, making it generally impractical to engage in such practices.

If fintech companies engage in financial services, such as e-payment or robo-advisory, they are subject to the Taiwan AML Act and its associated regulations.

Regarding cryptocurrency, the Taiwan AML Act includes VASPs in its anti-money laundering regulatory framework. Under the newly amended Taiwan AML Act as well as the Regulations Governing the Anti-Money Laundering Registration for VASPs (the “Crypto AML Registration Regulations”) which just came into effect at the end of November 2024, VASPs must register with the FSC for AML purposes (“Crypto AML Registration”) based on the type of services they offer. VASPs operating without Crypto AML Registration may face criminal liability.

Also, to enforce this framework, the FSC issued the Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for Enterprises Providing Virtual Asset Services (the “Crypto AML Regulations”), newly amended in 2024. According to the Crypto AML Regulations, VASPs must establish various measures, including an internal control and audit mechanism, a procedure for reporting suspicious transactions and a know-your-customer procedure.

In November 2023, the Asia/Pacific Group on Money Laundering (APG) Mutual Evaluation Committee confirmed that Taiwan has retained its “regular follow-up” status. This decision, supported unanimously by APG members, is based on Taiwan’s 2023 follow-up report and extends its position in the “regular follow-up” category since the mutual evaluation in 2019.

In Taiwan, there is no general exemption for reverse solicitation. As a result, engaging in any regulated business without prior approval or a licence from the FSC may lead to criminal or administrative penalties if the activities are deemed to be conducted within Taiwan.

In Taiwan, Robo-Adviser Services are rendered by FSC-licensed SICEs, so the applicable asset classes would be limited to the types for which SICEs are permitted to provide their consulting services, especially the funds (with the nature of securities investment trust funds defined in Taiwan law) and exchange-traded funds approved by the FSC.

As indicated in 3.1 Requirement for Different Business Models, Robo-Adviser Services are rendered by FSC-licensed SICEs.

There is no rule specifically governing “best execution” under the Robo-Adviser Rules.

However, the Robo-Adviser Rules provide for certain rules regarding “fair and objective implementation”, which require a robo-adviser service provider to faithfully place customers’ interests as its top priority, avoid conflicts of interest, prohibit unjust enrichment, provide fair treatment, etc as principles. A robo-adviser service provider shall not be involved in any situation that may potentially result in a conflict of interest against its customers in respect of the portfolio-planning process. For example, when the objectivity of a robo-adviser’s suggestion is affected by any compensation or interest that such robo-adviser service provider receives from a product supplier, then such robo-adviser service provider shall ensure that its robo-adviser system is capable of performing the following functions fairly and objectively: (i) determining parameters for the investment portfolios such as investment return, dispersion, credit risk and liquidity risk; (ii) establishing criteria for selection of securities in investment portfolios such as transaction cost, liquidity risk, credit risk, etc; (iii) selecting appropriate securities in investment portfolios; if such securities are selected by algorithms, those algorithms shall be reviewed and audited as well; and (iv) examining whether the default investment portfolio recommendations are appropriate for the risk tolerance of the corresponding customers.

The Robo-Adviser Rules also put in place certain rules for the implementation of “rebalancing transactions” by robo-advisers as indicated in 2.2 Regulatory Regime.

Given the above, so long as the above-mentioned rules are followed, there should be no issue relating to best execution from the perspective of the Robo-Adviser Rules.

A local licensed bank may engage in lending business. However, conducting lending activities as a company’s registered business item is still not permitted in Taiwan currently, although lending does not fall within the type of business that may only be carried out by a local licensed bank.

Under Taiwan law, a bank’s lending to small businesses or individuals may be subject to stricter rules from the perspective of financial consumer protection.

As indicated in 4.1 Differences in the Business or Regulation of Fiat Currency Loans Provided to Different Entities, if a fintech company is not a licensed bank, then it may not register lending as one of its registered business items.

In the case of peer-to-peer lending, as indicated in 2.2 Regulatory Regime, pursuant to the P2P Guidelines, a peer-to-peer lending platform operator would need to have in place and implement relevant risk control mechanisms such as establishing criteria for reviewing loan applications and limits on loan amounts.

For bank loans, the funds are acquired through conventional means, similar to other traditional lending practices.

In peer-to-peer lending, the funds originate from lenders who are connected through the platform.

As far as we know, there have been no instances of syndicated loans being arranged entirely online in Taiwan. However, please note that according to the news in January 2024, the FSC has approved a digital-only bank’s trial application to participate in a syndicated loan.

Please see 2.2 Regulatory Regime regarding e-payment businesses.

Traditionally, only licensed banks may handle cross-border remittances, and payments through cheques and credit cards are also handled by banks.

However, the E-Payment Act now allows Taiwan e-payment operators to offer cross-border payment services in collaboration with non-Taiwan e-payment providers. Also, as mentioned in 2.2 Regulatory Regime regarding e-payment businesses, the revised E-Payment Act allows licensed non-e-payment institutions to apply to render cross-border small-amount remittance services exclusively for foreign workers in Taiwan.

In Taiwan, the main stock exchanges are the Taiwan Stock Exchange and the Taipei Exchange. The Taiwan Futures Exchange is specifically for trading exchange-traded futures and options. These exchanges are established and regulated under Taiwan’s securities and futures regulations, and they typically offer online trading services.

Regarding cryptocurrency trading, security tokens can only be traded by licensed securities dealers in accordance with the STO regulations. However, for cryptocurrencies that do not possess the characteristics of securities, crypto exchanges or trading platforms must comply with the Crypto AML Regulations, as mentioned in 2.14 Impact of AML and Sanctions Rules.

Please see 6.1 Permissible Trading Platforms.

As specified in 2.2 Regulatory Regime, 2.14 Impact of AML and Sanctions Rules and 6.1 Permissible Trading Platforms, assuming no STOs are involved, crypto exchanges are subject to the Crypto AML Registration Regulations and the Crypto AML Regulations, while STOs should follow STO regulations (please see 10.4 Regulation of “Issuers” of Blockchain Assets).

It is crucial to be aware that, in response to FTX’s insolvency as well as certain reported defrauding activities in Taiwan, the FSC introduced a set of guidelines for VASPs under the Taiwan AML Act in September 2023 (“VASP Guidelines”). These guidelines encompass various aspects, including (i) the responsibilities that an issuer must fulfil when issuing virtual assets, such as announcing the “whitepaper” on their website; (ii) the mechanism by which a VASP reviews the launch of virtual assets; (iii) the safekeeping and separation of assets belonging to the VASP and its customers; (iv) ensuring that transactions are conducted in a fair and transparent manner; (v) the management system for operations, information security and wallets (cold and hot); (vi) disclosing relevant information to the public; (vii) implementing internal controls and conducting audits; and (viii) the extent to which these guidelines apply to VASPs operating from outside Taiwan. While these guidelines do not carry the force of “hard law”, there is a general expectation that the FSC will progressively mandate compliance with these rules.

Also, as specified in 2.14 Impact of AML and Sanctions Rules, VASPs fall within the regulatory regime of the Taiwan AML Act, and VASPs operating without Crypto AML Registration may be subject to criminal liability.

Moreover, according to related news coverage, the FSC is contemplating the possibility of introducing a crypto-specific law, with a potential draft scheduled for announcement around June 2025. Industry participants are advised to closely monitor the prospective regulatory changes in Taiwan.

Please see 10.4 Regulation of “Issuers” of Blockchain Assets for certain regulations regarding listing of security tokens and non-security tokens.

For security tokens:

The STO regulations provide for the following trading rules, which may be relevant to order handling:

(i) A securities firm (ie, platform operator) shall adopt rules for the negotiated trading of security tokens and know-your-customer procedures, and publish them on its trading platform and incorporate them into its internal control system. Such negotiated trading rules shall include the trading platform’s business days and trading hours, price quote method, trade execution principles, price stabilisation mechanism, trading procedures, method for the advance collection of purchase prices and security tokens to be sold, and the handling of settlement and default.

(ii) The price quotes provided by the securities firm are nominal quotes, and the securities firm shall provide two-way (buy and sell) quotes. The trade price shall be negotiated between the securities firm and the customer.

(iii) A securities firm shall provide reasonable price quotes based on its professional judgement, and shall efficiently adjust demand and supply in the market depending on the market situation, and may not give a quote that deviates from a reasonable price, thereby impairing the formation of fair prices.

(iv) When making price quotations for and engaging in negotiated trading of security tokens that the securities firm issued itself, the securities firm shall pay special attention to reasonableness of price, and shall adopt in its internal control system a basis for the determination of price quotes and principles for negotiated trades.

For tokens without the nature of securities:

There is no law or regulation specifically governing how to handle trading orders. However, pursuant to the VASP Guidelines, a VASP should ensure that transactions are conducted in a fair and transparent manner. Specifically, a VASP should establish mechanisms to ensure fair market transactions, including measures such as abnormal price alerts, as well as regulations to prevent market abuse and avoid conflicts of interest.

Also, under the Crypto AML Registration Regulations, a VASP offering virtual asset exchange services must establish and publicly disclose its policy for preventing conflicts of interest. Additionally, the VASP is required to implement reasonable measures to protect customer interests and ensure the prompt and fair execution of customer exchange instructions.

Please see 2.2 Regulatory Regime, 2.14 Impact of AML and Sanctions Rules, 6.1 Permissible Trading Platforms and 6.3 Impact of the Emergence of Cryptocurrency Exchanges regarding crypto exchanges and trading platforms.

For peer-to-peer lending platforms, please refer to 2.2 Regulatory Regime.

We assume that “payment for order flow” refers to a fee/compensation received by an exchange or trading platform for routing/connecting a buy/sell order to a specific market maker/trader, who takes the other side of the order, and in such case, such market maker would be the seller to any buy order or buyer to any sell order.

For security tokens:

Trading (secondary market) for security tokens must completely follow the STO regulations, so the trading mechanism may not be freely structured as the “payment for order flow” method indicated above. Pursuant to the STO regulations, the platform operator should obtain a securities dealer licence and handle the trading by way of price negotiation. The platform operator should be the counterparty to every transaction and should offer a reasonable reference quotation based on the market conditions. Also, each security token under an STO programme may be traded only on a single platform.

For tokens without the nature of securities:

The VASP is silent in this regard. Please, however, note that pursuant to the VASP Guidelines, a VASP should ensure that transactions are conducted in a fair and transparent manner.

Specifically, a VASP should establish mechanisms to ensure fair market transactions, including measures such as abnormal price alerts, as well as regulations to prevent market abuse and avoid conflicts of interest. Therefore, as long as the rules outlined in the VASP Guidelines are followed, such practice should be allowed.

Also, under the Crypto AML Registration Regulations, a VASP offering virtual asset exchange services must establish and publicly disclose its policy for preventing conflicts of interest. Additionally, the VASP is required to implement reasonable measures to protect customer interests and ensure the prompt and fair execution of customer exchange instructions.

For security tokens:

According to the STO regulations, when a customer defaults on a settlement obligation, the securities firm (ie, platform operator) shall cancel the trade and, after immediately notifying the customer, shall itself pursue compensation.

There is no other rule specifically governing market integrity and market abuse on the part of the traders under the STO regulations.

For tokens without the nature of securities:

As was similarly stated in 6.5 Order Handling Rules, there is no law or regulation specifically governing market integrity and market abuse. However, pursuant to the VASP Guidelines, a VASP should ensure that transactions are conducted in a fair and transparent manner.

Specifically, a VASP should establish mechanisms to ensure fair market transactions, including measures such as abnormal price alerts, as well as regulations to prevent market abuse and avoid conflicts of interest.

Also, under the Crypto AML Registration Regulations, a VASP offering virtual asset exchange services must establish and publicly disclose its policy for preventing conflicts of interest. Additionally, the VASP is required to implement reasonable measures to protect customer interests and ensure the prompt and fair execution of customer exchange instructions.

To our knowledge, no regulations have been issued specifically for the creation and usage of technologies regarding high-frequency and algorithmic trading by securities brokers. Securities brokers would be required to have in place internal control systems and risk control systems in line with applicable rules and regulations of the FSC.

Under Taiwan law, no entity may conduct securities dealing as its business unless it has obtained prior approval from the FSC to act as a securities dealer.

As regards local funds, the most prevalent form of collective investment scheme in Taiwan is securities investment trust funds, which may be either offered to the general public or privately placed with specified individuals. Securities investment trust funds are managed by SITEs, which business may not be carried out without prior approval/licence from the FSC.

With respect to dealers, please see 7.2 Requirement to Be Licensed or Otherwise Register as Market Makers When Functioning in a Principal Capacity.

Given the above, in Taiwan, SITEs and securities dealers are subject to different sets of regulations.

No regulations have been issued for programmers who develop and create trading algorithms and other electronic trading tools, assuming such programmers do not carry out any activities that may only be conducted by FSC-licensed financial services entities. However, financial services entities’ purchase and use of the services provided by such programmers might be subject to relevant outsourcing regulations, depending on the individual circumstances.

In Taiwan, underwriting processes are governed by the Regulations Governing Business Solicitation, Policy Underwriting and Claim Adjusting of Insurance Enterprises (the “Underwriting Regulations”). According to the Underwriting Regulations, an insurance company shall establish internal systems and procedures for policy underwriting, which shall include, among others, the following:

• The qualifications, job descriptions, on-the-job training and reward/discipline of underwriters.
• Procedure and flow chart covering the process from acceptance of application to agreeing to underwrite a policy, including at least underwriting guidelines, financial underwriting mechanism, survival analysis and physical examination standards, insurance reporting mechanism, hierarchy of authority, and arrangement of reinsurance.
• The policy of understanding and evaluating the needs and suitability of the applicant and the insured.
• The operating procedure for evaluating whether the insured amount and premium payment are commensurate with the income, financial situation and occupation of the applicant or the insured.
• The operating procedure for evaluating the suitability of selling insurance products with surrender value (excluding small-amount whole-life insurance, group annuity insurance and accident insurance with an insurance period of less than three years) to customers over 65 years of age and considering whether the customer has the ability to distinguish situations that are disadvantageous to his or her rights and interests as an insured.
• The operating procedure for evaluating whether the sources of funding for payment of insurance premiums is from a terminated insurance contract, loan or policy loan.
• The operating procedure for confirming the identity of the applicant and that he or she has indeed purchased a policy, the identity of the insured and that the insured has given his or her consent to the policy purchased.
• The operating procedure for confirming that a designation or change of beneficiary has been consented to by the insured.
• The operating procedure for confirming that the applicant has indeed applied for a change to the content of the insurance contract that would affect risk assessment, and the identity and signature of the applicant and the insured.
• The operating procedure for the manner and duration of retaining and disposing of the personal data of the applicant, the insured and the beneficiary of policy applications, whether they were underwritten or not.
• The operating procedure for evaluating risks and the calculation and collection of insurance premiums shall be based on actuarial science and statistical data.

Under the Insurance Act, insurance is classified into two main categories: “non-life insurance” (covering fire, marine, land and air, liability, bonding and other non-life insurances) and “insurance of the person” (covering life, health, personal injury and annuity insurances), depending on the nature of the insured subject. As stipulated by the Insurance Act, a “non-life insurance” enterprise is exclusively involved in non-life insurance activities, and an “insurance of the person” enterprise solely engages in insurance of the person. Simultaneous involvement in both non-life insurance and insurance of the person by the same insurance enterprise is generally prohibited, except when a non-life insurance enterprise is granted approval by the FSC to carry out the businesses of personal injury insurance or health insurance.

From a regulatory perspective, certain insurance laws and regulations are applicable to both “non-life insurance” and “insurance of the person” enterprises. However, distinct principles and specific regulations may be applicable based on the nature of each insurance product involved, etc.

There are no specific laws or regulations governing regtech providers (assuming they are not financial services entities). However, if any regulated financial services entity wishes to outsource its operation to a regtech provider, outsourcing regulations governing financial services entities may apply. Please see 2.8 Outsourcing of Regulated Functions for outsourcing.

Please see 2.8 Outsourcing of Regulated Functions and 9.1 Regulation of Regtech Providers.

The rise of blockchain technology has led to financial institutions actively researching how to incorporate it into their products and services. Some have even established dedicated research and development departments for this purpose. However, since the financial industry is heavily regulated, the implementation of blockchain in this sector would need to overcome certain existing legal restrictions. Examples of the solutions to deal with such restrictions include applying to enter a regulatory sandbox, with two approved applications related to blockchain: (a) using blockchain for fund transfer information between financial institutions; and (b) providing a “fund exchange” service using blockchain technology. With the emergence of new business models and regulatory amendments, it is expected that the financial services industry will have even more applications of this technology in the future.

Apart from the regulations relating to cryptocurrencies mentioned in this article, the Taiwan government has not introduced any new regulations following the emergence of blockchain. However, two policy trends have been reported in local news:

(a) The Central Bank has established a special task force to study Central Bank Digital Currency (CBDC), which is commonly referred to as the digital New Taiwan Dollar. The task force has completed two exploratory projects on the possibility of issuing “wholesale CBDC” for financial institutions and “retail CBDC” for the general public. Regarding “wholesale CBDC”, the Central Bank has observed that a platform built with distributed ledger technology (DLT) does not necessarily outperform a platform with a centralised system.

(b) In March 2024, the then Chairperson of the FSC, Mr Huang, stated to the Legislative Yuan that the FSC is examining the feasibility of tokenising real-world assets (RWAs), with the most likely application being the tokenisation of fund interests. Further, in late 2024, the FSC established an RWA tokenisation task force in co-operation with the Taiwan Depository & Clearing Corporation and six financial institutions. The task force’s goal is to assess the preparations needed to advance RWA tokenisation in Taiwan and to foster more innovative and strategic development of financial technology.

Therefore, it is recommended that industry participants closely monitor the progress of these developments.

In December 2013, the Central Bank and the FSC initially conveyed the government’s stance on bitcoin through a joint press release (the “2013 Release”). As outlined in the 2013 Release, both authorities asserted that bitcoin does not qualify as “legal tender”, “currency” or a “generally accepted medium of exchange”. Instead, they classified it as a highly speculative digital virtual commodity. Furthermore, in March 2022, the FSC issued another press release affirming that crypto-assets, including bitcoin, are not recognised as currencies within the existing regulatory framework in Taiwan. Instead, these assets are considered digital virtual commodities.

Addressing the proliferation of initial coin offerings (ICOs) and other fundraising and investment activities involving virtual currencies or cryptocurrencies, the FSC released a press statement in December 2017 (the “2017 Release”) articulating its stance on ICOs. According to the 2017 Release, an ICO involves the issuance and sale of virtual commodities (such as digital interests, assets or virtual currencies) to investors. The categorisation of an ICO is contingent on a case-by-case assessment. If an ICO encompasses the offer and issuance of securities, it falls under the purview of Taiwan’s Securities and Exchange Act (SEA). Whether tokens in an ICO are deemed securities under the SEA is contingent on the specific circumstances of each case.

In July 2019, the FSC officially designated cryptocurrencies as having the nature of securities (ie, so-called “security tokens”) under the SEA (the “2019 Ruling”). According to the 2019 Ruling, security tokens refer to those that: (1) utilise cryptography, DLT or other similar technologies to represent their value that can be stored, exchanged or transferred through digital mechanisms; (2) are transferable; and (3) encompass the following attributes of an investment: (a) funding provided by investors; (b) funding provided for a common enterprise or project; (c) investors expecting to receive profits; and (d) profits generated primarily on the efforts of the issuer or third parties.

For security tokens:

In 2020, the FSC, in collaboration with the Taipei Exchange (TPEx), embarked on the development of regulations governing tokens having the nature of securities. Below are certain key rules under the STO regulations:

(1) For STOs with a value of TWD30 million or less, the issuance may be carried out following the STO regulations. For STOs exceeding TWD30 million in value, the issuing entity must first undergo evaluation within the regulatory sandbox as discussed in 2.5 Regulatory Sandbox.

(2) Qualifications of the issuer: The issuer must be a Taiwan-incorporated company limited by shares not traded on the Taiwan Stock Exchange or TPEx, or the Emerging Stock Market of the TPEx. Foreign entities are barred from acting as issuers in STO programmes.

(3) Types of security tokens: Permissible security tokens are limited to profit-sharing or debt tokens without shareholder rights.

(4) Eligible investors and amount limits: Professional investors are eligible to participate in STOs, with a maximum subscription amount of TWD300,000 per STO for natural persons. To promote STO development, the FSC adjusted the policy in a January 2022 press release. Subsequently, TPEx expanded the scope of eligible foreign investors meeting specific criteria under the STO rules in 2022.

(5) Issuance process: STOs must be conducted on a single platform, with the platform operator responsible for ensuring the issuer meets qualification requirements and prepares a required prospectus. In instances where the platform operator is itself an STO issuer, launching an STO requires prior review by TPEx.

For tokens without the nature of securities:

As indicated in 2.14 Impact of AML and Sanctions Rules and 6.1 Permissible Trading Platforms, for cryptocurrencies that do not possess the characteristics of securities, crypto exchanges or trading platforms must comply with the Crypto AML Registration Regulations and the Crypto AML Regulations. The Crypto AML Registration Regulations include specific provisions for issuers as follows:

(1) With some exceptions, a VASP offering virtual asset exchange services must disclose key details about the virtual assets, including the token’s whitepaper, which should contain information about the issuer, among other things.

(2) A VASP providing virtual asset trading platform services must establish criteria for reviewing virtual asset launches. These criteria should cover, among other factors, information about the issuer and the legal risks associated with the issuer.

Also, as indicated in 6.3 Impact of the Emergence of Cryptocurrency Exchanges, the VASP Guidelines encompass various aspects, including the obligations of an issuer related to the issuance of virtual assets, necessitating actions such as publishing a “whitepaper” on the issuer’s website. Additionally, the VASP Guidelines outline the mechanism for VASPs to review the launch of virtual assets.

Please see 2.2 Regulatory Regime, 2.14 Impact of AML and Sanctions Rules, 6.1 Permissible Trading Platforms and 6.3 Impact of the Emergence of Cryptocurrency Exchanges.

Currently, there are no laws or regulations that specifically address staking services. As a result, it is necessary to review existing regulations to determine how staking should be classified. There has been some debate about whether staking could be considered deposit-taking under the current Banking Act.

Currently, there are no laws or regulations that specifically address crypto-related lending services. As a result, it is necessary to review existing regulations to determine how such lending should be classified. Generally, if fiat currency lending is not considered a regulated activity, the same interpretation is likely to apply to cryptocurrency lending.

Derivatives trading could be classified as a regulated activity, even when the underlying assets are cryptocurrencies, rather than traditional assets like stocks, interest rates or foreign exchange.

It seems that the Taiwan government has not officially expressed its stance on DeFi activities.

However, it is important to consider the classification of DeFi activities on an individual basis, as there are no specific laws or regulations in place to govern or establish a legal framework alongside the growth of DeFi. It is necessary to review existing laws related to banking, trusts and futures to ensure adherence to applicable existing laws and regulations.

Currently, blockchain assets, including bitcoins, may not be invested by funds registered with or approved by the FSC.

The term “virtual asset” is defined in the Crypto AML Registration Regulations and the Crypto AML Regulations (as indicated in 2.14 Impact of AML and Sanctions Rules) as a digital representation of value with the use of cryptography, DLT or other similar technology that can be digitally stored, exchanged or transferred, and can be used for payment or investment purposes. However, virtual assets do not include digital representations of the New Taiwan Dollar, foreign currencies, currencies issued by Mainland China (ie, the PRC), Hong Kong or Macau, securities, and other financial assets issued in accordance with laws. There is no official/separate definition of “blockchain assets” under current Taiwan laws and regulations.

Currently, there are no specific laws or regulations pertaining to NFTs, which are commonly structured to represent digital art, music, collectibles, sports cards, photo albums and more. Therefore, the applicable laws and regulations should be determined based on their individual characteristics.

The most recent discussions surrounding NFTs have focused on what an NFT holder owns or obtains. It is important to review and examine the classification of each individual NFT on a case-by-case basis. Specifically, despite the “non-fungible” nature of NFTs, we cannot completely rule out the possibility of financial laws, such as securities regulations, applying to NFTs or their offerings.

Responding to the call for “open banking” from industry players and experts, the FSC has requested the Bankers Association to establish self-regulatory rules relating to the implementation of open banking in Taiwan. Choosing not to impose mandatory disclosure rules on banks, the FSC instead requested the self-regulatory organisation (ie, the Bankers Association) and the Financial Information Service Co. (FISC) to develop pertinent rules and information security standards for banks to follow.

The FSC has instituted a three-phase approach to the implementation of open banking. Phase I, which commenced in late 2019 permitted the accessibility of public product information by third parties, specifically third-party service providers (TSPs). Phase II involved gaining access to customer data, and according to related FSC press releases, multiple TSPs were granted approval to collaborate with certain banks during this phase. Phase III, which commenced in January 2024, focuses on transaction-related information. Scope included in Phase III encompass businesses/services in respect of deposits, credit cards, loans, payments, and remittances via mobile phone numbers.

Any open banking project, if it involves transfer of personal data, is subject to Taiwan’s PDPA. Please see 2.11 Implications of Additional, Non-Financial Services Regulations.

As regards data security, any project is required to follow the self-regulatory rules set out by the Bankers Association as well as the rules and security standards of the FISC, as specified in 11.1 Regulation of Open Banking.

In Taiwan, criminal fraud typically occurs when an actor intentionally carries out fraudulent activities, leading victims to give away their belongings/properties.

In the context of fintech, fraud may occur in circumstances such as (1) general fraud involving payment methods or cryptocurrency used during criminal activities (eg, used for payments resulting from fraudulent schemes) and (2) illegal fundraising associated with cryptocurrency, where the token issuer provides investors with misleading or false information that misrepresents the rights and interests in the tokens being issued.

The responsibility for the loss depends on the business model and specific circumstances. However, the greater the extent to which the loss can be attributed to the fintech service provider – such as due to gross negligence or even ordinary negligence – the more likely it is that the service provider will be held accountable for the loss.